Foundry gives you model access. Kimss gives you a product-ready AI platform: one API key for chat and agents, Entra SSO, tenant isolation, spend controls, and audit-ready gateway telemetry — all Azure-native.
You keep Azure AI Foundry. Kimss adds governance, billing, and a single developer surface — the secured multi-tenant control plane your platform team would otherwise build on top.
Kimss does not replace Microsoft infrastructure. It is the product layer that turns Foundry into a governed, multi-tenant AI platform.
| Capability | Azure AI Foundry alone | Foundry + Kimss |
|---|---|---|
| Model & agent execution | Native Foundry projects and deployments | Same Foundry backend — Kimss routes per workspace |
| Multi-tenant workspaces | Build and operate yourself | Built-in PostgreSQL row-level isolation + workspace model |
| Identity (Entra SSO, SCIM) | Wire Entra and provisioning yourself | Entra SSO, admin consent, optional SCIM 2.0 (Identity & SSO) |
| One key: chat + agents | Separate integration paths per modality | One gateway, two playgrounds — same Kimss API key |
| Spend control | Ad-hoc or per-project budgets | Redis credit pools, soft and hard caps, Kimss Credits |
| Usage & chargeback | Custom metering and exports | Normalized credits, execution logs, per-tenant reporting |
| Audit trail for procurement | You design the logging sink | Optional APIM gateway logs to Log Analytics (compliance architecture) |
| Time to embed agents in product | Weeks to months of orchestration work | pip install kimss + workspace API key via SDK |
| Procurement | Foundry billing only | Azure Marketplace Kimss Enterprise PAYG + invoice options |
Six reasons platform and security teams choose Kimss on top of Foundry — not instead of it.
Using AI to write code is not the same as shipping governed agents in your product. Kimss is the orchestration layer you would otherwise staff with platform engineers.
Do not prototype on raw APIs then scramble for identity, metering, and audit. Start with the control plane; ship features on a governed foundation.
Chat inference and full agentic flows — tools, retrieval, code interpreter — on one Kimss key. Foundry routing per workspace, not separate vendor stacks.
Workspace visibility and execution logs answer “who changed that prompt?” without a crisis email. Govern agents like production software.
Gateway logs to Log Analytics, admin audit trail, and security questionnaire evidence. Formal attestations available under NDA during procurement.
Managed Identity, Entra, dedicated Foundry mapping per tenant — the same stack your CISO already approved. Procure via Azure Marketplace.
Kimss sits between your applications and Foundry — auth, credits, and routing before models run.
See the full interactive system spec: Kimss Architecture →
Every worker uses
— worksfusion multi-agent fleet on Kimss · Read the story →kimss.KimssClientfor chat, agents, and vector stores. No direct OpenAI or Azure AI SDK calls in application code — a runtime guard enforces that policy.
Share this page with your platform team, or dive into the full documentation.